Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
problem with port 587
Hello all,
i' ve a problem in sending emails via outlook, we' ra using google apps (smtp.gmail.com), in all outlook we have defined the 587 port like the deault outgoing smtp.
So i added a policy (wich accept port 587(tcp & udp),pop3s,smtp,smtps,MMS) from the lan to internet with the nat enabled. but we can' t send emails!
knowning that when i accept any it' s OK.
in the traffic log i see 587/tcp with ths status drop !
any idea please?
Best regards.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Make sure the policy is moved higher up in the firewall policy list and/or that there is no policy above it that is causing the packet to be dropped.
If you are viewing the logs via the GUI, clicking on the log entry should give you more info on why the packet was dropped (e.g. which policy ID was processed).
Outlook has a debugging or logging mode, which you can enable to see where it is " choking" when it attempts to send email.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try the following from the CLI:
diagnose debug enable
diagnose debug flow filter clear
diagnose debug flow filter port 587
diagnose debug flow show console enable
diagnose debuf flow show function-name enable
diagnose debug flow trace start 100
then initiate the traffic from Outlook on your workstation. You should see some output on your CLI session and then you should see which policy/etc that is causing the problem. If you have a ton of traffic on 587 you can also do a
diagnose debug flow filter addr xxx.xxx.xxx.xxx
where the xxx' s is your source IP address. When done, don' t forget to disable the debug functions and clear the debug flow filter (if you want to).
diagnose debug flow filter clear (clears the debug filter)
diagnose debug disable
Here is a link to an article on how to diagnose traffic issues: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30038&sliceId=2&docTypeID=DT_KCARTICLE_1_1&dialogID=38052017&stateId=0%200%2038050638
-TJ
-TJ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
THank you very much for your precious help,
i followed your steps and i saw that the policy matching is 0.
But the problem was when i created the custom service, on the source port i typed 0

